Cryptographic ASIC with autonomous onboard permanent storage

ABSTRACT

A cryptographic ASIC and method for autonomously storing data into a one-time programmable memory in isolation. Internal circuitry provides programming pulses of a given voltage magnitude and duration for changing the state of selected memory elements. Use of internal circuitry reduces pin count and increases reliability and security over devices relying on external circuitry to provide programming pulses. In one embodiment, the stored data comprises cryptographic data for enforcing a derivative key hierarchy for managing an information stream, such as a blockchain.

RELATED APPLICATIONS

This application claims the priority benefit of commonly-assignedprovisional application U.S. Ser. No. 62/662,544, filed on Apr. 25,2018, and entitled “Cryptographic ASIC For Derivative Key Hierarchy”,which is hereby incorporated by reference in its entirety. Thisapplication is also related by subject matter to commonly-assigned U.S.Ser. No. 14/997,113, filed on Jan. 15, 2016, published on Jul. 20, 2017as U.S. Patent Application Publication 2017/0206382A1, and entitled“Cryptographic ASIC Including Circuitry-Encoded TransformationFunction”, which is hereby incorporated by reference in its entirety.

TECHNICAL FIELD

The disclosed technology relates generally to the design of integratedelectronic circuits, and more particularly, some embodiments relate tothe design of cryptographic integrated circuits.

BACKGROUND

Application-specific integrated circuits (ASICs) are integrated circuitsdesigned and built to serve a particular purpose or application. ASICsprovide fast computational speed compared with slower, more generalizedsolutions, such as software solutions running on general-purposeprocessors or field programmable gate arrays (FPGAs). As the nameimplies, ASICs are generally designed to perform only one specificapplication, resulting in a trade-off between flexibility andcomputational speed. ASICs are increasing in importance incryptography-related fields, such as proof-of-work systems, digitalrights management systems, and other applications generally havingstringent speed and efficiency requirements.

BRIEF DESCRIPTION OF THE DRAWINGS

In the drawings, which are not necessarily drawn to scale, like numeralsmay describe similar components in different views. Like numerals havingdifferent letter suffixes may represent different instances of similarcomponents. The drawings illustrate generally, by way of example, butnot by way of limitation, various embodiments discussed in the presentdocument.

FIG. 1 shows a block diagram of a transform-enabled cryptographiccircuit containing a transform enabled hashing core, implemented as astand-alone integrated circuit, according to an embodiment.

FIG. 2 shows a block diagram of the transform-enabled hashing core,according to an embodiment.

FIG. 3 shows a block diagram of an information hierarchy, according toan embodiment.

FIG. 4 shows a flowchart of the management methodology of theinformation hierarchy, according to an embodiment.

FIG. 5 shows a functional diagram of an internally-programmingintegrated circuit, according to an embodiment.

FIG. 6 shows a flowchart of a customized equipment programming processfor information stream management, according to an embodiment.

FIG. 7 shows a conventional autonomous product with little or nointernal communications security.

FIG. 8 shows an autonomous product with secure inter-chipcommunications, according to an embodiment.

FIG. 9 shows the autonomous product processor in further detail,according to an embodiment.

FIG. 10 shows an integrated circuit with secure inter-chipcommunications and non-volatile memory, according to an embodiment.

FIG. 11 shows a flowchart of a secure inter-chip communicationsmethodology, according to an embodiment.

FIG. 12 shows a flowchart of a methodology for calculating acryptographically secure and verifiable unique processor identifier,according to an embodiment.

FIG. 13 shows a flowchart of a methodology for verifying the transformintegrity of a cryptographic integrated circuit, according to anembodiment.

FIG. 14 shows a computing component that may carry out the functionalitydescribed herein, according to an embodiment.

DETAILED DESCRIPTION OF THE EMBODIMENTS

Embodiments of the technology disclosed herein are directed toward thedesign, fabrication, programming, and utilization of applicationspecific integrated circuits for cryptography-related applications. Moreparticularly, various embodiments of the technology disclosed hereinrelate to ASICs having one or several programmable transformationfunctions embodied as circuitry incorporated into the integratedcircuit's high speed datapath. By encoding transformation function asdatapath circuitry, embodiments of the technology disclosed hereinenable ASICs to implement any one of a very broad range of proof-of-workcalculations, as selected by the user. The proof-of-work basedcryptographic verification processes may include but are not limited tothe cryptographic network transaction verification systems often used inthe emerging field of blockchain technology.

In an example, a cryptographic integrated circuit for managingoperations on an information stream may include a first one-way function(OWF) circuit block that generates a hash of an input message, aprogrammable transformation function circuit block that is customized bya transform key and transforms the hash into a transformed hash, and asecond OWF circuit block that generates a second hash of the transformedhash as an output result. The cryptographic integrated circuit maycontrol an information stream knowledge hierarchy by performingoperations enabling a user to identify the information stream, processan input message from the information stream, or create the informationstream.

In another example, a cryptographic method for managing operations on aninformation stream may include processing an input message from theinformation stream by hashing the input message, performing a customizedtransforming of the hash, and hashing the transformed hash into anoutput result, with the transforming customized based on a transformkey, and enabling creating the information stream based on a userpassphrase from which the transform key is derived.

In another example, a non-transitory computer-readable storage mediummay contain instructions which, when executed by a processor, cause acomputer to execute cryptographic operations for managing operations onan information stream. The operations may include processing an inputmessage from the information stream by hashing the input message,performing a customized transforming of the hash, and hashing thetransformed hash into an output result, with the transforming customizedbased on a transform key, and enabling creating the information streambased on a user passphrase from which the transform key is derived.

In an example, a cryptographic integrated circuit for managingoperations on an information stream may include a transform keygenerator that derives a transform key from a temporary copy of a userpassphrase, and a one-time programmable (OTP) memory that stores thetransform key in isolation using programming pulses from externalcircuitry. The circuit may further include a first one-way function(OWF) circuit block that generates a hash of an input message, aprogrammable transformation function circuit block that is customized bya transform key and transforms the hash into a transformed hash, and asecond OWF circuit block that generates a second hash of the transformedhash as an output result, wherein the operations include identifying theinformation stream, processing an input message from the informationstream into the output result, and/or creating the information stream.

In another example, a cryptographic method for managing operations on aninformation stream may include deriving a transform key from a temporarycopy of a user passphrase, and storing the transform key in a one-timeprogrammable memory in isolation using programming pulses from externalcircuitry. The method may further include processing an input messagefrom the information stream by hashing the input message, performing acustomized transforming of the hash, and hashing the transformed hashinto an output result, with the transforming customized based on atransform key, and enabling creating the information stream based on auser passphrase from which the transform key is derived.

In another example, a system for managing operations on an informationstream may include means for deriving a transform key from a temporarycopy of a user passphrase, and means for storing the transform key in aone-time programmable memory in isolation using programming pulses fromexternal circuitry. The system may further include means for processingan input message from the information stream by hashing the inputmessage, performing a customized transforming of the hash, and hashingthe transformed hash into an output result, with the transformingcustomized based on a transform key, and means for enabling creating theinformation stream based on a user passphrase from which the transformkey is derived.

In an example, a cryptographic integrated circuit for managingoperations on an information stream may include a transform keygenerator that derives a transform key from a temporary copy of a userpassphrase, and a one-time programmable memory that stores the transformkey in isolation using programming pulses from internal circuitry. Thecircuit may further include a first one-way function (OWF) circuit blockthat generates a hash of an input message, a programmable transformationfunction circuit block that is customized by a transform key andtransforms the hash into a transformed hash, and a second OWF circuitblock that generates a second hash of the transformed hash as an outputresult, wherein the operations include identifying the informationstream, processing an input message from the information stream into theoutput result, and/or creating the information stream.

In another example, a cryptographic method for managing operations on aninformation stream may include deriving a transform key from a temporarycopy of a user passphrase, and storing the transform key in a one-timeprogrammable memory in isolation using programming pulses from internalcircuitry. The method may further include processing an input messagefrom the information stream by hashing the input message, performing acustomized transforming of the hash, and hashing the transformed hashinto an output result, with the transforming customized based on atransform key, and enabling creating the information stream based on auser passphrase from which the transform key is derived.

In another example, a system for managing operations on an informationstream may include means for deriving a transform key from a temporarycopy of a user passphrase, and means for storing the transform key in aone-time programmable memory in isolation using programming pulses frominternal circuitry. The system may further include means for processingan input message from the information stream by hashing the inputmessage, performing a customized transforming of the hash, and hashingthe transformed hash into an output result, with the transformingcustomized based on a transform key, and means for enabling creating theinformation stream based on a user passphrase from which the transformkey is derived.

In an example, an integrated circuit for autonomously storing contextdata may include a one-time programmable memory circuit block programmedby internal programming circuitry to store the context data inisolation, and a secure communications circuit block to controlretrieval of the context data.

In another example, a cryptographic method for autonomously storingcontext data in an integrated circuit may include storing the contextdata in isolation in a one-time programmable memory circuit blockprogrammed by internal programming circuitry, and controlling retrievalof the context data with a secure communications circuit block.

In another example, a system for autonomously storing context data mayinclude means for storing the context data in isolation in a one-timeprogrammable memory circuit block programmed by internal programmingcircuitry, and means for controlling retrieval of the context data witha secure communications circuit block.

In an example, a cryptographic integrated circuit for managingoperations on an information stream may include a one-time programmablememory configured to store in isolation a unique configuration keydefined by a foundry for each instance of the integrated circuit, and atransformed hash generator configured to derive a unique circuitidentifier for each instance of the integrated circuit from aninterrogation message using the configuration key.

In another example, a cryptographic method for managing operations on aninformation stream may include storing in isolation in a one-timeprogrammable memory in an integrated circuit a unique configuration keydefined by a foundry for each instance of the integrated circuit, andderiving a unique circuit identifier for each instance of the integratedcircuit from an interrogation message using the configuration key.

In another example, a system for managing operations on an informationstream may include means for storing in isolation in a one-timeprogrammable memory circuit block a unique configuration key defined bya foundry for each instance of an integrated circuit, and means forderiving a unique circuit identifier for each instance of the integratedcircuit from an interrogation message using the configuration key.

In an example, a cryptographic integrated circuit for verifying circuitvalidity for managing operations on an information stream may include aone-time programmable memory configured to store in isolation a uniqueinternal identifier value defined by one of a foundry and a user, foreach instance of the integrated circuit, a transformed hash generatorconfigured to calculate the internal identifier value for each instanceof the integrated circuit from a predetermined input message, and acomparator that determines circuit validity by matching the storedinternal identifier value with the calculated internal identifier value.

In another example, a cryptographic method for verifying circuitvalidity for managing operations on an information stream may includestoring in isolation in a one-time programmable memory in an integratedcircuit a unique internal identifier value defined by one of a foundryand a user, for each instance of an integrated circuit, calculating theinternal identifier value for each for each instance of the integratedcircuit from a predetermined input message, and determining circuitvalidity by matching the stored internal identifier value with thecalculated internal identifier value.

In another example, a system for verifying circuit validity for managingoperations on an information stream may include means for storing inisolation in a one-time programmable memory in an integrated circuit aunique internal identifier value defined by one of a foundry and a user,for each instance of an integrated circuit, means for calculating theinternal identifier value for each for each instance of the integratedcircuit from a predetermined input message, and means for determiningcircuit validity by matching the stored internal identifier value withthe calculated internal identifier value.

FIG. 1 shows a block diagram of a transform-enabled cryptographiccircuit 100 containing a transform enabled hashing core, implemented asa stand-alone integrated circuit, according to an embodiment. Thiscircuit and variations are described in more detail in the patentapplication incorporated by reference above, but a summary descriptionis provided here.

The transform-enabled cryptographic circuit 100 includes an integratedcircuit 102 containing a programming and configuration interface 104, atransform-enabled hashing core 106, and a configuration key 108.Configuration key 108 may be composed of a string of binary digits, andmay also be referred to as a transform key or transformation key. Insome embodiments, a transform key may be derived from the configurationkey 108.

Two exemplary users 110 and 112 may access the integrated circuit 102,with a first user 110 accessing the programming and configurationinterface 104, and a second user 112 accessing the transform-enabledhashing core 106. The second user 112 may use a hashing core userinterface (not shown). In various embodiments, some or all of thefunctions of the configuration and programming interface 104 and thehashing core user interface may be combined into a single configuration,programming, and hashing core user interface, while in other embodimentssuch functions may be divided among more than two interfaces.

The general mode of operation is that the first user 110 may use theprogramming and configuration interface 104 to both configure variousparameters of the operation of the integrated circuit 102 and to programone or more configuration keys 108 into the programmable transformationfunction or functions in the transform-enabled hashing core 106, wherethey may be implemented as datapath circuitry. Note that configurationkeys 108 are not conventional cryptographic keys in the strictest sense,but instead are customized descriptions of how a selected transformationfunction is to be activated, such as to transform original input datainto transformed input data.

The second user 112 may simply enter an input value or transaction ormessage that is directly communicated to the transform-enabled hashingcore 106 that will calculate and output the corresponding hash value.For a given input message and configuration key 104, any user of aninstance of transform-enabled cryptographic circuit 100 should be ableto calculate the same corresponding hash value. The input message maycomprise a transaction block header from a blockchain for example, whichmay be subjected to further operations. Note that processing the inputmessage to produce a corresponding hash value may be carried out by thesecond user without requiring knowledge of the configuration key or keysprogrammed into the programmable transform-enabled hashing core 106.

Due to the interaction thus established between the programmatictransformation and certain mathematical properties of the cryptographicalgorithms involved (particularly, as noted earlier, their nature asOWFs that are easy to perform but hard to revert), the combined effectis to produce a systemic transformation of the bits contained in thefinal value calculated by the circuit. The transformation is not easilydeciphered, not easily distinguishable from noise, and not easilyreplicable by a party lacking full prior knowledge of the key or keysprogrammed into the transformation function. Yet the transformation isfully consistent and easily replicable, and thus verifiable, by a partywith prior knowledge of the keys or access to the means to utilize themin calculation even while lacking knowledge of them (for example, aparty in possession of a previously-programmed ASIC that embodies saidkeys within its datapath circuitry).

In some embodiments, each user may be a person, while in otherembodiments each user may be an automated process such as walletsoftware, mining software or other kinds of automated processes. Incertain embodiments the second user 112 may also have access to theconfiguration of the various operating aspects of the integrated circuit102 as described above. In certain embodiments there may be a singleinterface for the configuration of the various operating aspects of theintegrated circuit 102 as a whole, with the programming of keys and theobtaining of final transform-enabled hash values calculated on the basisof data supplied by a user. In other embodiments some or all of thosefunctions may be separate. In certain embodiments, the integratedcircuit 102 may be part of a larger computing system, such as a miningsystem, a hardware wallet, a secure token or dongle, or others. In someembodiments, various implementations of the integrated circuit 102 maybe part of a system incorporating one or more of such integratedcircuits containing other implementations of the technology describedherein.

In some embodiments, various implementations of the integrated circuit102 may be physically integrated into the same semiconductor material,such as silicon, as other embodiments of the technology describedherein. In some such embodiments, the integrated circuit 102 mayadditionally be further connected to other embodiments of the technologydescribed herein. For example, in various cases the integrated circuit102 may have a shared access to programmable transformation function orfunctions in the transform-enabled hashing core 106 as other circuitswithin the same integrated circuit 102. In various other embodiments,the transform-enabled cryptographic circuit 100 may be physicallyintegrated into the same semiconductor material as another integratedcircuit carrying out a different task, such as a microprocessor, anetwork processor, a system-on-a-chip, and others. In certainembodiments, the transform-enabled hashing core 106 may be embody theconfiguration key 108 as circuitry by means of one-time programmablecircuit elements such as micro-fuses, while in certain embodimentsre-writeable circuit elements, such as non-volatile random access memory(RAM) may be used, and in other embodiments other methods may be used.

FIG. 2 shows a block diagram of the transform-enabled hashing core 106,according to an embodiment. This diagram depicts the operationsperformed for the second user 112 in the obtaining of finaltransform-enabled hash values. An input message 202 or transaction maybe provided to the transform-enabled hashing core 106 and passed througha first one-way function (OWF) implementation or hashing block 204. Theinput message 202 may for example be a candidate transaction blockheader, such as from a blockchain.

In general, a hashing block may be configured as a set of circuitry thatexecutes the mathematical operations defined by the applicable hashingalgorithm. One widely used hashing algorithm is the Secure HashingAlgorithm (SHA), the second version of which is now used as a standardhashing algorithm, often for input messages of 256 bits in length(referred to herein as SHA-256). However, this disclosure is not limitedin that regard, as any OWF may be used.

The output of the first hashing block 204 is a hash 206 of the inputmessage 202. A hash, sometimes known as a message digest, may be used asa type of cryptographic description of original message content. Hashesare convenient for various cryptographic purposes as they may be easilycomputed from an input message, but are computationally difficult toinvert for determination of the original input message. Hashingalgorithms are sometimes referred to as trapdoor functions for thisreason.

The hash 206 may then be processed by an adjustable or customizablyprogrammable transformation function 208, which may also be implementedin circuitry as a transform block. Once programmed, the circuitry withinthe transform block may effect a specific programmatic transformationupon the data provided to it, reflecting the configuration key 108provided to it. Thus, and regardless of the content of the data receivedby the transform block, the transformation the circuitry applies willdirectly and consistently affect the final value calculated by circuitryfurther along the datapath.

The programmable transformation function 208 may generate a transformedhash 210 of the input message 202. The transformation function may bevery simple, such as a inversion of bits in one embodiment, or thetransposition or swapping of bits in another embodiment, or combinationsthereof. The programming of a transformation function therefore maycustomize the treatment to which data fed into the transformationfunction is subjected. The configuration key 108 may control thespecific programming of the programmable transformation function 208.For example, the configuration key 108 may simply be a string of binarydigits denoting which corresponding bits of input data are to beinverted, transposed, or both, by the programmable transformationfunction 208, according to various embodiments. That is, in oneembodiment each particular bit of the configuration key 108 maydetermine whether each corresponding particular bit of input data ispassed through directly without transformation, or is transformed.

The transformed hash 210 of the original input message 202 may then beprocessed by a second OWF implementation or hashing block 212. In someembodiments, the second hashing block 212 may implement the samecryptographic operation as the first hashing block 204. In otherembodiments, the second hashing block 212 may implement a differentcryptographic operation than the first hashing block 204.

Each OWF implementation protects the data provided to it, through itsnon-invertible nature. Conceptually, the input data submitted to an OWFis kept within a cryptographic “shadow” that prevents its discovery fromthe results of the hashing, through computational infeasibility. A partymay thus look “downstream” and see the results of a hash operation thatis applied to an input, but cannot feasibly look “upstream” and see theoriginal input provided to the hash operation. The output 214 of thetransform-enabled hashing core 106 is thus a hash of a transformed hashof the original input message 202.

Knowledge of the user passphrase 302 and of the calculation processwhereby the transform key 306 is calculated based on the user passphrase302 enables the easy calculation of the transform key 306. However,knowledge of the transform key 306 and of the process by which it iscalculated on the basis of the user passphrase 302 does not enable easycalculation of the user passphrase 302. Thus, in such embodiments,knowledge of the user passphrase 302 implies knowledge of the transformkey 306, but knowledge of the transform key 306 does not imply knowledgeof the user passphrase 302. Knowledge of the user passphrase 302 isrequired to configure the transformation function 208 and thus theintegrated circuit 102 to perform in the specific manner that isdescribed by user passphrase 302.

To summarize, the original input message 202 or transaction may beprotected by the first OWF 204, transformed by the custom-programmedtransformation function 208 per the configuration key 108, and thehashed transformed original input message 210 and the customization ofthe transform function 208 may be effectively protected again by thesecond OWF 212.

The present inventor has realized, among other things, that secureprogramming of the transform-enabled cryptographic circuit 100 enables avariety of advantages. For example, a novel information hierarchy may bedefined and cryptographically secured via a transform-enabledcryptographic circuit 100 that stores configuration data withoutproviding external visibility or accessibility to that data. Theinformation hierarchy may enable a cryptographic management methodologythat enables the creation of, provides for useful processing of, andallows the simple identification of an information stream to beprocessed. The information stream may comprise a blockchain, forexample.

Certain embodiments of the technology disclosed herein allow a user toenable third parties to easily verify the proofs-of-work produced bytransform-enabled integrated circuits by providing the third partieswith knowledge of the transform key and thus enabling them to verifysuch proofs of work by means of (for example and without limitation)software running on general-purpose microprocessors, FPGAs programmedfor this purpose, or other means. But knowledge of the transform keydoes not enable the third parties to program additional copies of theintegrated circuit to calculate transform-modified proofs-of-work in thesame manner as they are calculated by instances of the integratedcircuit that have been programmed using the user passphrase. The circuitdescribed has been designed to perform such validations while notrevealing information about the precise mathematical operations involvedin the production of the transformed hash values verified.

Further, the system described is also applicable to fields other thanthe field of blockchain technology. In such other fields, the system maybe used for the creation of other secure hardware-based products.

FIG. 3 shows a block diagram of an information hierarchy 300, accordingto an embodiment. At the highest level of the information hierarchy 300,a programming user may provide a user passphrase 302 that controls allaspects of the information stream management methodology. This user maycomprise the first user 110 of FIG. 1 for example, who may provide theuser passphrase 302 via the programming and configuration interface 104in one embodiment. The user passphrase 302 may be provided during themanufacture of transform-enabled cryptographic circuit 100, orthereafter.

The user passphrase 302 may comprise a string of binary numbers, or astring of text that may be more easily remembered by a human user butstill readily converted into a string of binary numbers. The secrecy ofthe user passphrase 302 may prevent any other parties from enabling thecreation of the information stream being managed. The user passphrase302 may also enable control of all other operations performed in theinformation hierarchy 300, e.g., processing of the information stream,and identification of the information stream.

The transform-enabled cryptographic circuit 100 may receive the userpassphrase 302 and perform on-chip transform key generation processing304 to produce a transform key 306. In one embodiment, the transform key306 is the same as configuration key 108, although embodiments in whichthe transform key 306 is derived from the configuration key 108 are alsoencompassed by this disclosure. The on-chip transform key generation 304processing, rather than a separate off-chip implementation, may enhancesecurity, as will be described.

The transform key generation 304 processing may comprise at least oneapplication of an OWF to the user passphrase 302. In one embodiment, thetransform key generation 304 processing comprises two sequentialapplications of a one way function to the user passphrase 302. Thetransform key generation 304 processing may for example comprise twosequential applications of SHA-256 to the user passphrase 302, althoughthis disclosure is not limited in that regard.

Use of an OWF may render derivation of the user passphrase 302 from thetransform key 306 computationally infeasible. That is, the userpassphrase 302 is upstream of the OWF and is therefore cryptographicallysecure. FIG. 3 thus denotes the transform key 306 as proceeding onlydownward through a trapdoor function via a dashed line.

The transform key 306 may enable customized processing of theinformation stream via the transform-enabled hash operation 308,described previously in FIG. 2, and which may be carried out by thetransform-enabled hashing core 106 of FIG. 1. Thus, other users, such asthe second user 112, may process input messages into transformed hashesas previously described if they know the transform key 306 or have aninstance of the transform-enabled cryptographic circuit 100 thatinternally stores the transform key 306 without providing externalaccess or visibility. However, knowledge of the transform key 306 alonedoes not enable the ownership, e.g., creation or replication, of aninformation stream, as that requires the user passphrase 302. FIG. 3thus denotes the output value 214 as proceeding only downward through atrapdoor function via a dashed line.

In one embodiment therefore, the user passphrase 302 enables creation ofa blockchain, while the transform key 306 enables others who do not knowthe user passphrase 302 to nevertheless process and verify inputmessages 202 such as blockchain headers. Further, knowledge of thetransform key 306 enables the creation of any number oftransform-enabled cryptographic circuits 100 for processing inputmessages 202, if the formulation of the programmable transformationfunction 208 is known.

The formulation of the programmable transformation function 208 may bepublished in many cases, or it may be kept obscured. The cryptographicstrength of the embodiments does not rely on the secrecy of theprogrammable transformation function 208. The transform key 306 thatcontrols the customization of the programmable transformation function208 may also either be kept secret or made public. However this choicedepends on whether the second users 112 are intended to be able toprocess the information stream with only original programmed circuitry,or also with replicated or “cloned” circuitry. For example, in somecases only members of a given group, such as a government or corporationor other set of the second users 112, are intended to have thecapability to process a private information stream, so the transform key306 may be a secret shared only with such intended parties. In othercases, the intent may be for anyone to be able to process a publicinformation stream without the requirement for a shared secret, so thetransform key 306 may be made public.

The transform-enabled cryptographic circuit 100 that has been programmedto contain the transform key 306 may determine a specific predeterminedoutput value 214 by processing a specific predetermined test inputmessage 202. The specific predetermined test input message 202 may forexample be a widely known or standardized string of given length. Invarious embodiments, the specific predetermined input message may be allzeroes, or all ones, or a particular string of text that is easilyremembered by a human user and readily converted to a string of binarynumbers for example.

The specific predetermined output value 214 may be a unique identifierof a given information stream from which input messages 202 originate. Asecond user 112 who possesses neither knowledge of the user passphrase302 nor of the transform key 306 may therefore nonetheless identify agiven information stream using an instance of the programmedtransform-enabled cryptographic circuit 100. Such a second user 112 mayprocess messages, but cannot make copies of the transform-enabledcryptographic circuit 100 that has been programmed to inaccessibly andinvisibly contain the transform key 306. This ability to identify aninformation stream with no direct knowledge of the user passphrase 302nor of the transform key 306 may be particularly advantageous in certainuse scenarios.

For example, in one embodiment the information stream is a blockchain,and the predetermined output value 214 is a ChainID that uniquelyidentifies the blockchain. In the future, there may be a large number ofdifferent blockchains, so through a ChainID any second user 112 with aprogrammed transform-enabled cryptographic circuit 100 may distinguishthe blockchain from which input messages 202 originate from all others.

The ChainID is thus the lowest derivation level of the informationhierarchy 300. The ChainID does not enable the creation of a blockchain(that requires knowledge of the user passphrase 302), and does not byitself enable the ability to replicate the programmed transform-enabledcryptographic circuit 100 (that requires knowledge of the transform key306 by the second user 112 which may not be accessible or visible fromthe programmed transform-enabled cryptographic circuit 100). The ChainIDfunctionality does however enable the easy identification of theblockchain.

Thus, the information hierarchy 300 can separate out the ability tocreate a blockchain, interact with it, and identify it. Someone whoknows only the transform key 306 but not the user passphrase 302 cannotcreate a blockchain for example, but can identify and verify it. Suchverification may be the basis of a proof-of-work system, e.g. bitcoinmining, although this disclosure is not limited in that regard.

FIG. 4 shows a flowchart of the management methodology 400 of theinformation hierarchy, according to an embodiment. The methodology 400is shown arranged from the most restrictive to the least restrictivecontrolled operations described above.

At 402, the methodology 400 may initially determine if a user knows theuser passphrase 302. If so, at 404 the user may be granted full controlover the information hierarchy 300, and is thus equivalent to the firstuser 110 as previously described. Such a user may be provided with theability to create a new unique information stream, such as a blockchainfor example. The user may proceed to create an information stream bycustomizing the programming of a transformation function and using thetransform-enabled cryptographic circuit 100 to create blockchain blockheaders for example. The headers may include a field indicating theparticular validation method to be used for corresponding messagecontent.

If the user does not know the user passphrase 302, the methodology 400may proceed to 406. At 406, the methodology may determine if the userknows the transform key 306. If so, the user may, at 408, be granted thefurther privilege of programming additional instances or copies oftransform-enabled cryptographic circuits 100. The programming may occurduring a manufacturing process or thereafter.

If the user does not know the transform key 306, the methodology 400 mayproceed to 410. At 410, the methodology 400 may determine if the user atleast has a programmed transform-enabled cryptographic circuit 100 toprocess an information stream that has been created in view of thetechnology described in this disclosure. If so, then at 412, themethodology 400 may process a predetermined test input message 202 toproduce a predetermined output value 214 that serves as a ChainID. TheChainID may indicate a particular information stream, such as ablockchain, from which input messages originate. This operation isoptional.

At 414, the methodology 400 may enable the processing of other inputmessages from the information stream. In one embodiment, the informationstream is a blockchain, and the processing comprises verification of theblockchain through computation of transform-customized hashes forsubsequent comparison. If the user does not have a programmedtransform-enabled cryptographic circuit 100, then an information streamthat has been created in view of the technology described in thisdisclosure cannot be processed nor identified by the user.

The present inventor has realized, among other things, that particularcircuitry may advantageously secure the programming of thetransform-enabled cryptographic circuit 100. Such particular circuitrymay enable the first user 110 to provide to the transform-enabledcryptographic circuit 100 with a copy of the user passphrase 302 whichis used to generate the unique configuration key 108 for thecryptographic circuit 100. Similarly, the circuitry may enable thederivation of the transform key 306 from the configuration key 108 inthose cases where the transform key 306 is not the same as theconfiguration key 108.

In either case, storage of the transform key 306 in the circuitry inisolation, e.g., in a manner that is neither accessible nor visibleexternally, serves to enable enforcement of part of the informationhierarchy 300 previously described. That is, if the first user 110 hasknowledge of the transform key 306 during or after its generation, thatuser may replicate circuitry (or executable instructions) thatimplements the particular customized transform-enabled hashing used toprocess input messages 202. In contrast, if the second user 112 does nothave knowledge of the transform key 306 but simply has access tocircuitry that invisibly stores the transform key 306 in isolation, suchsecond user 112 may process input messages but may not replicate thecircuitry. That is, the invisible, inaccessible, and indelible isolatedstorage of the transform key 306 prevents the circuitry from being“cloned”. The processing of input messages 202 may include identifying agiven information stream and verifying messages from the informationstream for example, as previously described, whether by circuitry orexecutable instructions.

Hardware based enforcement of the management of the informationhierarchy 300 may not only enable different users to be granteddifferent levels of control of the information hierarchy 300, it mayalso limit the availability of the transform key 306. For example, ifthe first user 110 who has the user passphrase 302 wants to generate atransform key 306, that does not necessarily mean that the first user110 wants to have actual knowledge of the transform key 306, or evenknowledge of how the transform key 306 is derived from the userpassphrase 302. The first user 110 may not want to be capable ofdetermining the transform key 306 at all.

Instead, the first user 110 may simply wish to create hardware that onlygenerates and securely stores the transform key 306 internally, that is,in isolation, to enable input message processing and information streamidentification by for example second users 112. The particularmethodology for generating the transform key 306 from the userpassphrase 302 thus may not need to be known even to the first user 110who has control of the entire information hierarchy 300.

Similarly, particular circuitry may better protect the user passphrase302 that enables complete control of the entire information hierarchy300. That is, the first user 110 may provide the user passphrase 302 tothe transform-enabled cryptographic circuit 100, but that circuit 100may delete the user passphrase 302 as soon as derivation of theconfiguration key 108 and/or transform key 306 has been completed andthe key value or values are indelibly and inaccessibly stored within thecircuit 100.

The patent application previously incorporated by reference providesfurther detail on the various one-time programmable memory technologiesthat may store information in circuitry. These technologies may includebut are not limited to for example micro-fuses, anti-fuses, non-volatilerandom access memories including but not limited to flash memory orother types of non-volatile memory. In general, determination of thestate of each element of such memories via external physical examinationis intentionally very difficult or infeasible.

Software based implementations of the transform-customized messagehashing process previously described are also within the scope of thisdisclosure. However, hardware based implementations may be more immuneto monitoring during operation. The undesirable consequences of suchmonitoring could include for example the eventual discovery of the userpassphrase 302, the transform key 306, as well as the transform keygeneration 304 methodology.

Hardware implementations may therefore offer better enforcement of therestricted creation of information streams, such as blockchains, basedon the secrecy of the user passphrase 302. Hardware implementations mayalso offer better enforcement of the restricted ability to replicatetransform-customized hashing circuitry, based on the availability of thetransform key 306. This disclosure therefore provides a novelself-contained internally-programming circuit approach to hardware-basedenforcement of the information hierarchy 300.

FIG. 5 shows a functional diagram of an internally-programmingintegrated circuit 102, according to an embodiment. The integratedcircuit 102 acts as a conceptual “shopkeeper” that receives instructionsfrom a customer (e.g., the first user 110) at the front counter of ashop, and then performs various tasks the customer requires, but does so“behind the scenes” or out of view of the customer, in isolation.

In this case, the integrated circuit 102 may receive a copy of the userpassphrase 302 from the first user 110 via the programming andconfiguration interface 104 previously described. The programming andconfiguration interface 104 may act as a “black box” that acceptscertain inputs, but only outputs acknowledgements and does not echo theinputs provided. That is, the programming and configuration interface104 does not allow access to or visibility of the isolated internaloperations of the integrated circuit 102.

The integrated circuit 102 may then generate the transform key 306according to a transform key generation 304 methodology embedded in itscircuitry. The first user 110 may be aware of the transform keygeneration 304 methodology in some embodiments, or the first user 110may not be aware of the transform key generation 304 methodology inother embodiments. Note that transform key 306 may be the same as theconfiguration key 108 or may be derived from the configuration key 108as previously described.

The integrated circuit 102 may then store the generated transform key306 in an indelible and hidden manner, and delete its copy of the userpassphrase 302. In one embodiment, the transform key 306 is stored in aone-time programmable memory 502, which may comprise an array ofmicro-fuses or anti-fuses or various types of non-volatile memory.Micro-fuses are generally short circuits until they are effectively“blown” open (e.g., rendered non-conductive), typically by applicationof a voltage pulse of particular magnitude and duration. Anti-fuses incontrast are generally open circuits until they are effectively “burned”closed (e.g., rendered conductive), typically again by application of avoltage pulse of particular magnitude and duration. These state changesmay not result in physical changes that are readily visible.

The integrated circuit 102 may provide an acknowledgement 504 to thefirst user 110 to for example denote at least one of the receipt of theuser passphrase 302, the deletion of the user passphrase 302, and thesuccessful completion of the storage of the transform key 306 intomemory 502. Thus, the conceptual shopkeeper effectively provides theinternally-programmed integrated circuit 102 to the customer (e.g., thefirst user 110) after having customized it in isolation, e.g., withoutany customer access or visibility into the programming process.

The approach provided offers the first user 110 the advantage oftrusting the hardware implementation with the user passphrase 302 foronly a limited time, because the hardware implementation will not storethe user passphrase 302 once the transform key 306 has been generatedand stored internally. Further, the first user 110 knows that thehardware implementation is relatively secure from attack. That is, ahacker may be able to dismantle the integrated circuit 120 to attempt todetermine the transform key generation methodology and the programmabletransformation function, but the security of the system does not dependon knowledge of either.

Recovery of the actual transform key 306 (which was generated from thenow-deleted user passphrase 302 and stored in the one-time programmablememory 502), which is required for cloning of the integrated circuit102, is generally infeasible via physical examination. Further, a hackermay have to destroy a new copy of the programmed integrated circuit 102with every hacking attempt, which would rapidly become expensive.

With current semiconductor fabrication processes, the incorporation offlash memory onto the same integrated circuit as logic circuitry is notpresently available for processes that produce logic devices of lessthan 28 nm feature size. Use of micro-fuses or anti-fuses therefore maybe advantageous, as they do not suffer from this process limitation.Both micro-fuses and anti-fuses may be placed in the datapath circuitrywithin the integrated circuit in such a manner as to result in a verylimited performance overhead, thus retaining the advantages ASICs haveover other types of solutions in terms of speed and efficiency.

The programming of the one-time programmable memory 502 may be performedduring the manufacture of the integrated circuit 102, or may beperformed subsequently, according to various embodiments. This featureenables the manufacture of “blank” or uncustomized integrated circuits102 that may programmed by the first user 110 without requiring anytrust of the manufacturer. External circuitry (which is not integratedwith the integrated circuit 102) may be designed to generate and apply aprogramming voltage pulse of predetermined magnitude and duration tostore data into an element of memory 502. In some cases such programmingvoltages are higher than logic power supply voltages, so in someembodiments external circuitry may generate such voltages, and applythem when triggered to do so by the integrated circuit 102.

The integrated circuit 102 may for example step through an indexed arrayof elements in the memory 502 to be programmed. The integrated circuit102 may signal the external circuitry when a targeted memory element hasbeen electrically connected to an external pin that receives programmingvoltage pulses from outside the integrated circuit 102. Thus, evenduring programming, the transfer key 306 is not externally visible; onlya set of internally-triggered externally-generated programming pulsesmay be observed in such embodiments. Further, the timing of such triggersignals may be varied to obscure such observations. Similarly, voltagepulses that do not actually program any memory elements may be triggeredto further obscure the programming process.

FIG. 6 shows a flowchart of a customized equipment programming process600 for information stream management, according to an embodiment. At602, the process may begin when a programming user (e.g., the first user110) provides a copy of the user passphrase 302 to the programming andconfiguration interface 104. The programming and configuration interface104 may provide an acknowledgement that it has received the userpassphrase 302, but does not echo back a copy of it.

At 604, the process may acknowledge receipt of the user passphrase. At606, the process may transfer the copy of the user passphrase 302 to thetransform key generator 304. At 608, the process may generate thetransform key 306 with the transform key generator 304. In someembodiments, the transform key generator 304 generates the transform key306 by applying a number of hashing operations (e.g., two applicationsof the SHA-256 hashing function) sequentially to the user passphrase302, but this disclosure is not limited in that regard. In someembodiments, the configuration key 108 is derived from the userpassphrase 302, and the transform key 306 is derived from theconfiguration key 108, but this disclosure is again not limited in thatregard.

At 610, the process may delete the copy of the user passphrase 302. Thisensures that the user passphrase 302 cannot be recovered by a hacker whomay dismantle equipment that enforces the information stream managementconstraints. The deletion may be acknowledged by the programming andconfiguration interface 104.

At 612, the process may store the transform key 306 indelibly andinaccessibly into one-time programmable memory 502. Maintenance of thesecrecy of the transform key 306 may prevent replication of theequipment that enforces the information stream management constraints.At 614, the programming and configuration interface 104 may provide anacknowledgement to the programming user 110 that the customizedprogramming process has been successfully completed.

The present inventor has realized, among other things, that theparticular circuitry that may advantageously secure the transformprogramming of the transform-enabled cryptographic circuit 100 inisolation may be improved. Rather than requiring external circuitry toprovide programming pulses for changing states in elements of theone-time programmable memory 502, in some embodiments an ASIC mayinstead handle all of the memory 502 programming tasks by itself. Thatis, all of the permanent on-chip storage tasks related to keeping thetransform key 306 hidden in the memory 502 may be performed by the sameintegrated circuit 102 that performs the various cryptographic functionspreviously described.

In an embodiment, an autonomous self-programming integrated circuit 102may have its own internal circuitry for permanently recording statesinto permanent on-chip storage. For example, internal voltage-boostingcharge pump circuitry may be integrated together with the logiccircuitry on the same semiconductor chip to generate the voltagesrequired to change memory 502 element states. Internal timer circuitrymay also be integrated on the same semiconductor chip, to apply theboosted voltages to selected memory 502 elements for a predeterminedspecified time. Applicable voltage-boosting and timer circuitry isfamiliar to one of ordinary skill in the art.

Such an integrated circuit 102 alone may fully implement the conceptual“shopkeeper” previously described, who accepts only a user passphrasefrom a programming user (e.g., the first user 110). This embodimentprovides several advantages over the embodiments previously described.

First, there would be no need to coordinate operations between theself-programming integrated circuit 102 and any external (notcommonly-integrated) circuitry used for memory management. Specifically,there would be no need to provide an external pin that would receive theprogramming voltage pulses from any external circuitry outside theintegrated circuit 102, nor an external pin to provide trigger signalsto any external circuitry. Pin count for the integrated circuit 102 maytherefore be reduced, reducing circuit cost and complexity.

Second, the details of the programming voltage pulse magnitude andduration need not be made public with this embodiment. Such details mayallow a hacker to infer what type of one-time programmable memory 502elements are used in the integrated circuit 102 if publicized. Thatinformation could be useful in aiding a hacking attempt. Therefore, theautonomous self-programming integrated circuit 102 described herein maybe more secure than other programmable integrated circuits.

Finally, since no external circuitry is required for memory programmingin this embodiment, overall system reliability may be increased as thereis less possibility that the integrated circuit 102 could be damagedduring its programming. This aspect may be particularly advantageous forembodiments in which the integrated circuit 102 is not programmed duringmanufacture but is instead programmed later, perhaps in a less wellcontrolled environment.

In cases where a user, versus a manufacturer or vendor, performs theprogramming of one-time programmable memory 502 elements, circuitfailures that may actually be due to the user may instead be blamed onthe manufacturer or vendor. In such cases the user may return theintegrated circuit 102 for a refund, falsely asserting that it wasdefective on arrival. The processing of such product returns mayconstitute a significant expense and may unnecessarily put thereputation of a manufacturer or vendor at risk. The use of autonomousself-programming may bypass this issue entirely.

The present inventor has realized, among other things, that theparticular circuitry that may autonomously secure the transformprogramming of the transform-enabled cryptographic circuit 100 inisolation may prove advantageous in a variety of different usescenarios. For example, in one embodiment, an autonomousself-programming integrated circuit 102 may permanently record into theone-time programmable memory 502 a variety of data regarding its historyafter manufacture. The integrated circuit 102 may record instances inwhich excessive voltages were applied to one or more of its pins.

The integrated circuit 102 may also record other data to memory 502 thatis relevant to reliability, including but not limited to maximum sensedoperating temperatures, and detected indications of damage that might berelated to hacking attempts. Such events may occur regardless of whetherthe integrated circuit is programmed by external circuitry, but theprobability of such events may be greater when external circuitry isinvolved. The integrated circuit 102 may therefore use internalcircuitry to store indicia of such events, even if the integratedcircuit 102 is designed to have its transform key 306 programmed usinginternal circuitry.

If an integrated circuit 102 is returned, e.g., to a vendor ormanufacturer, for a refund, the stored data regarding its history aftermanufacture may be retrieved from the one-time programmable memory 502.That data may support a decision to provide a refund or replacement iffor example it shows no unusual events or reliability-related conditionsoccurred after manufacture. Conversely, that data may indicate thatunusual and probably-damaging events or conditions did occur aftermanufacture. If these events or conditions were likely due to a user'sactions, as may be determined for example by the number and/or patternof events or conditions, then a refund or replacement request may bedenied. The number of one-time programmable memory 502 elements may belimited, so the data may simply indicate a count of events meeting somepredetermined threshold qualifications, in one embodiment.

In general, the features of autonomous internal programming and isolatedstorage of cryptographic transform keys into one-time programmablememory, combined with the storage of historical circuit contextinformation, may advantageously resolve many communications securityproblems. For example, a “reset replay” attack may involve repeatedlyresetting the power supply of a system and resuming a previous attackthat might otherwise be ended when the attacked system has counted theattack attempts and taken countermeasures against further attacks. Suchcountermeasures may comprise deleting data stored in non-volatilememory, ignoring all future access attempts for a span of time, or evenactivation of internal self-destruct mechanisms to render itselfentirely inoperable, for example. An attacked system that does not“remember” being previously attacked is less secure than one that does,and can respond accordingly.

Therefore, in one embodiment, a product comprising a number ofintegrated circuits that communicate with each other may use integratedcircuits 102 that are capable of managing their own chip-to-chipcommunications security. For example, an integrated circuit 102 maystore context information into its one-time programmable memory 502 whenit is first activated (e.g., at the foundry where it is fabricated), andmay subsequently store various context information into its one-timeprogrammable memory 502 thereafter so that it will remember its historyeven when powered off and restarted. The context information may gobeyond indicia of events or conditions likely to cause damage, to forexample include cryptographic data related to communications security.

In another embodiment, no context information may be stored at the firstactivation of the integrated circuit 102 at all. Instead, a truenoise-based random number generator onboard the integrated circuit 102may generate a number of cryptographic keys that are subsequently usedto secure inter-chip communications. Thus, inter-chip communicationsbetween integrated circuits 102 within a given product may be managedjust as communications between unknown parties over an untrusted networkare managed.

FIG. 7 shows a conventional autonomous product 700 with little or nointernal communications security. The product 700 may comprise a tablet,mobile phone, laptop computer, or any other type of device that is basedaround a system-on-a-chip (SOC) or processor 702. The processor 702 maybe mounted on a printed circuit board 704 along with other components,and may interact with external users and processes, such as local user706, locally connected process 708, and remotely connected process 710which may connect to a remote database 712.

Various interfaces may handle communications between the processor 702and other parties, such as local user interface 714, locally connectedprocess interface 716, and remotely connected process interface 718. Aremote communications chip 720 may handle data transfer between theremotely connected process interface 718 and the processor 702. Variousprocesses 722 may be executed by the processor 702.

A bulk non-voltage storage device 724, such as a flash storageintegrated circuit for example, may also reside on the printed circuitboard 704 and exchange data with the processor 702. Other integratedcircuits 726 and 728 may also be mounted on the printed circuit board704 and exchange data with the processor 702. For simplicity, the term“flash storage” in this description may refer to any reprogrammablenon-volatile memory technology, and is not necessarily limited to flashmemory per se.

A local low-volume flash storage device 730 for sensitive data may alsoreside on the printed circuit board 704. Communications link 732 maytransfer data between the low-volume non-volatile storage device 730 andthe processor 702. Non-volatile storage device 730 may comprise a flashmemory, as noted.

In some conventional instances, some form of relatively lightweightcryptography may be employed on either side of the communications link732 to sensitive data flash storage device 730. In some instances, onlycertain portions of the processor 702 (sometimes referred to as a“secure zone” or security “sandbox”) may have access to the flashstorage device 730 for sensitive data. This approach to communicationssecurity is fundamentally flawed, and vulnerable to the “reset replay”attack previously described. An improved approach is provided that usesthe transform-enabled cryptographic circuit and one-time programmablememory previously described.

FIG. 8 shows an autonomous product 800 with secure inter-chipcommunications, according to an embodiment. This product is similar toconventional product 700 but adds novel features to distinctly increasecommunications security. The processor 802 may include a first securecommunications circuit block 824 that may mediate all on-chipcommunications 826 with processes 822 and all off-chip communications828 with a separate integrated circuit 830 for secure non-volatilestorage of sensitive data. The first secure communications circuit block824 may have exclusive read/write access to its own one-timeprogrammable memory, and may include internal circuitry for itsprogramming.

Unlike the local low-volume flash storage device 730, integrated circuit830 may include not only a non-volatile storage block 832 but also asecond secure communications circuit block 834, on the samesemiconductor chip. The second secure communications circuit block 834may mediate all on-chip communications with the non-volatile storageblock 832 and all off-chip communications 828 with the first securecommunications circuit block 824. The second secure communicationscircuit block 834 may have exclusive read/write access to its ownone-time programmable memory, and may include internal circuitry for itsprogramming.

FIG. 9 shows the autonomous product processor 802 in further detail,according to an embodiment. On-chip communications 826 may comprisemessages 902 from the on-chip processes 822 to the first securecommunications circuit block 824, and messages 904 to the on-chipprocesses 822 from the first secure communications circuit block 824. Anincoming communications circuit block 910 in the first securecommunications circuit block 824 may handle on-chip communications 826.

Off-chip communications 828 may comprise messages 906 from the firstsecure communications circuit block 824 to the second securecommunications circuit block 834 inside integrated circuit 830, andmessages 908 from the second secure communications circuit block 834 tothe first secure communications circuit block 824. An outgoingcommunications circuit block 912 in the first secure communicationscircuit block 824 may handle off-chip communications 828.

Control unit 914 may comprise circuitry that coordinates the operationsof the first secure communications block 824. Hashing block 916 maycalculate the results of a one-way function applied to an input. Fuseblock 918 may store data into a one-time programmable memory, which mayinclude micro-fuses, anti-fuses, or other non-volatile memory elements.Fuse block 918 may use internal circuitry to generate programmingpulses, as previously described. Memory block 920 may store data usedfor managing communications security. Random number generator (RNG) 922may generate random numbers, as opposed to pseudorandom numbers, as willbe described.

FIG. 10 shows the integrated circuit 830 in further detail, according toan embodiment. Communications 836 between the second securecommunications circuit block 834 and the non-volatile storage block 832may comprise messages 1024 from the second secure communications circuitblock 834 to the non-volatile storage block 832, and messages 1026 tothe second secure communications circuit block 834 from the non-volatilestorage block 832.

An incoming communications circuit block 1010 in the second securecommunications circuit block 834 may handle on-chip communications 836.An outgoing communications circuit block 1012 in the second securecommunications circuit block 834 may handle off-chip communications 828.

Control unit 1014 may comprise circuitry that coordinates the operationsof the second secure communications circuit block 834, and may besimilar to the control unit 914 of the first secure communications block824. Hashing block 1016, fuse block 1018, memory block 1020, and randomnumber generator 1022 may also be similar to their counterparts in thefirst secure communications block 824.

In the embodiment of FIGS. 8-10, communications between the processor802 and the external storage 832 are cryptographically protected basedon cryptographic keys stored in the one-time programmable memories ofthe secure communications blocks 824 and 834. Other security-relatedinformation useful for preventing a reset replay attack may also bestored in the one-time programmable memories, and so would not becleared during a power reset. The data may be stored in the one-timeprogrammable memories using internal circuitry, so there is no chancethat the one-time programmable memory elements may be hacked by externalmeans. The data stored in the one-time programmable memories and used inthe one-way functions encode and validate messages going between theprocessor and the external non-volatile storage. Unlike the product 700of FIG. 7, therefore, communications between the processor and theexternal non-volatile storage cannot be simply monitored or replacedwith falsified messages.

Although logic circuitry and flash memory cannot presently be integratedon the same semiconductor chip if the logic devices are under 28 nm insize, micro-fuses and anti-fuses may be integrated onto a flash memorychip. The secure communications circuit blocks are therefore able toinclude both logic circuitry below 28 nm in size and one-timeprogrammable memory elements comprising micro-fuses and/or anti-fuses.

FIG. 11 shows a flowchart of a secure inter-chip communicationsmethodology 1100, according to an embodiment. This methodology may beimplemented by the circuitry described in FIGS. 8-10. Although describedhere with respect to different integrated circuits assembled into asingle product on a single printed circuit board, the methodology is notlimited in this respect, and may be applied to integrated circuits inentirely different products that interact over a network.

At 1102, the methodology may begin with a random number generator in asecure communications circuit block, such as the RNG 922 in the firstsecure communications circuit block 824 for example. Unlike apseudorandom number generator, which produces numbers that appear to berandom but are actually reproducibly predetermined by a particularalgorithm, the exemplary RNG may generate numbers that are indeed asrandom as possible for the methodology. In one embodiment, the RNG mayamplify noise from an electronic device, such as a reverse-biased diode,and feed such amplified noise into a logic circuit to produce asubstantially random stream of bits.

The RNG may collect this stream of bits into a register of predeterminedsize to produce a random string of binary numbers. The register mayreside in the memory block 920 for example. The RNG may further put thisrandom string of binary numbers through a one-way function or hashingalgorithm as previously described, to further jumble the random stringof binary numbers into an output random number that is in binary formand of a given length. The one-way function may be implemented in thehashing block 916 for example. This hashing may be advantageous if forsome reason the RNG outputs a string of binary numbers that are allzeroes or all ones, which may prove cryptographically weak in somecircumstances.

The output random numbers generated by the RNG may serve a variety ofcryptographic purposes. The output random number may comprise a userpassphrase for controlling an information stream, as previouslydescribed. The output random number may also comprise a nonce, orarbitrary single-time use number for creating secure communicationssessions between communicating parties by excluding the possibility ofreplay attacks. The output random number may also be used as acryptographic key. The output random number may also be used as a saltthat is concatenated onto other output random numbers used for variouspurposes.

At 1104, the methodology may store the output random numbers generatedby the RNG into the one-time programmable memory of the securecommunications circuit block, such as fuse block 918 for example. Theoutput random numbers may be programmed into the one-time programmablememory elements using internal circuitry that generates the programmingpulses. The stored random numbers may thus not be externally visible oraccessible, but may be useable only by the corresponding securecommunications circuit block, such as the first secure communicationsblock 824 for example.

At 1106, the methodology may transmit at least one of the output randomnumbers another secure communications circuit block, such as the secondsecure communications block 834 for example. More generally, the outputrandom numbers may be transmitted to any number of other securecommunications circuit blocks, which may include those in other productsfor example. At 1108, the methodology may store the transmitted randomnumbers into corresponding one-time programmable memories of the othersecure communications circuit blocks.

At 1110, in one embodiment, a first integrated circuit, such as thefirst secure communications circuit block 824, may generate two randomsets of public-private key pairs. The first integrated circuit may thenprogram one of the private keys and both of the public keys into itsone-time programmable memory using its internal programming circuitry.The first integrated circuit may then transmit the other private key andboth of the public keys to a second integrated circuit, such as thesecond secure communications circuit block 834. The second integratedcircuit may then program the private key it has received, and both ofthe public keys it has received, into its one-time programmable memoryusing its internal programming circuitry.

All subsequent communications between the first integrated circuit andthe second integrated circuit, after trust has been established betweenthem, may utilize the public-private key functionality for securecommunications. The initial storage and exchange of the contextinformation (e.g., the cryptographic keys) may occur at the factorywhere a particular product 800 is manufactured. For example, when aprinted circuit board is first populated with its various integratedcircuits, the processor may trigger the methodology and securenon-volatile storage integrated circuits may respond. The initialstorage and exchange of the context information may occur later however,such as when a new user first uses the product.

At 1112, in another embodiment, the methodology may use symmetric keysin place of the public-private key pairs previously described. In afurther embodiment, the methodology may use the private-public key pairsto exchange a randomly-generated short-term symmetric key, as iscurrently done in the HTTPS protocol to create a secure channel over aninsecure network. This approach is therefore a combination of theoperations 1110 and 1112.

At 1114, in another embodiment, a first integrated circuit, such as thefirst secure communications circuit block 824, may transmit anauthorization request to a second integrated circuit, such as the secondsecure communications circuit block 834, along with a random number asan initial challenge. The second integrated circuit may respond with theinitial challenge, a transform-modified hash of the initial challenge,and a new random number as a second challenge. The first integratedcircuit may respond with all the data it received from the secondintegrated circuit, plus a transform-modified hash of the secondchallenge.

The initial challenge is sent as cleartext in this example, but thatdoes not matter because it is the transform-modified hash of that numberthat is used as a block cipher by both sides. This secure communicationsinitialization process may occur when the printed circuit board is firstpopulated with the various integrated circuits, as previously described.In one example, the initial establishment of secure communications mayoccur via direct wiring, while subsequent communications may be viawireless means (including optical). The initialization may also occurthereafter.

Although described in terms of only two secure communications circuitblocks, the methodology is not so limited. The methodology may build asecure network of any number of integrated circuits. In one example, themethodology may treat one integrated circuit as a master that alwaysinitiates the secure communications methodology, and may treat the otherintegrated circuits as slaves that respond to the initiation request butdo not initiate such requests, but the disclosure is not limited in thisregard. Further, the methodology may build a secure network of productsin a network as well, with each product potentially having previouslysecured its own internal network, for example.

The secure communications methodology described may enable theprocessing of an information stream, which may comprise a blockchain.

The present inventor has realized, among other things, that thetransformed hash calculator may create a unique cryptographicallydefined and verifiable processor identifier or “CpuID” for each ASICinstance. The CpuID enables a particular hardware originator of aninformation stream or message to be reliably determined. This contrastswith the exemplary use of a ChainID to reliably denote a particularinformation stream or network destination, as previously described.

FIG. 12 shows a flowchart of a methodology 1200 for calculating acryptographically secure and verifiable unique processor identifier,according to an embodiment. In one example, the ASIC may process apredetermined input message 202 of 256 bits to produce a hash 206, andthen process the hash 206 by an adjustable or customizably programmabletransformation function 208 which uses a configuration key 108 togenerate a transformed hash 210, as previously described. The ASIC mayprocess transformed hash 210 through a second hashing block 212 toproduce a hash of the transformed hash of the input message 214, whichmay serve as the CpuID.

The distinction in this embodiment, at 1202, is that the configurationkey 108 may be based on for example a manufacture date, a wafer lotnumber, a wafer number, x and y (row/column) coordinates or indices foreach die on a wafer, or on other data provided by the foundry in a userpassphrase. At 1204, the ASIC may generate a transform key with atransform key generator and delete the user passphrase as previouslydescribed. At 1206, the configuration key 108 for each ASIC, or atransform key derived therefrom, may be stored into a one-timeprogrammable memory in the ASIC in isolation by a foundry thatmanufactures the ASIC.

Each ASIC instance may therefore generate the unique CpuID wheneverneeded, at 1208, merely by processing the predetermined input message202. The CpuID allows a given ASIC instance to be securely and remotelyidentified across an untrusted network. The predetermined input message202 may be a commonly known and widely used or even standardized“identify yourself” interrogation command string, or a customizedchallenge message.

Although the ASIC described may be used to process an information streamat high speed, a simplified and thus inexpensive version may sufficewhen its primary function of interest is to administer secure data. Thatis, the CpuID calculating hardware may be a stripped-down relativelyslow version of the more general transform-modified OWF hardwarepreviously described. It may not need to be implemented in the maindatapath for high-speed calculations to serve as essentially a verycryptographically secure internal dongle. That is, the ASIC may computethe CpuID to process an incoming message, such as an interrogation toprove that it has a valid transform block, or it may use the CpuID in anoutgoing message, at 1210, to identify which ASIC instance originatedthe outgoing message.

The particular ASIC that establishes a new information stream, such as ablockchain, may be considered an “author” of the information stream.Similarly a particular ASIC that creates a new message such as ablockchain entry may be identified as the “author” of the entry. An ASICused to process blockchains for example may be directly identified asthe processor that performed the work that is the basis of aproof-of-work system. This is distinct from the present bitcoin-relatedpractice of identifying a person who claims to have done the work.

As a result, at 1212, this feature enables monitoring of which ASICshave been mining a given blockchain, to for example pay contractedminers who have been issued processors by a contractor to performprescribed work for that contractor. Similarly, if an unknown person ismining a blockchain with unauthorized ASICs, intrusion detection ispossible via the CpuID feature. Since no user passphrase is passedaround, there is no chance that a bogus clone copy of the blockchaincould be created, unless the one-way function is defeated. Thatpossibility is very unlikely, since the one-way function always throwsaway some information and leaves only a noisy-appearing but verifiableresidue behind.

The CpuID calculator may be useful in consumer electronics items. Forexample, an ASIC could for example be used in a phone so that themanufacturer or reseller could burn a transform block into each suchdevice for tracking purposes. Such devices could be linked to otherdevices or accounts in a network; for example, the phone could besecurely and verifiably linked to a license in a music distributionsystem (which itself may be identified by a specific ChainID). Thishardware-level internal security could enable many different uses,essentially providing system administrator type access privilege control(e.g., read/write/copy/delete) to files on a memory card or at a networklocation, at 1214. This feature could be useful for securely managinglicensed software updates by software makers/vendors, such as thoseproviding operating systems or anti-virus programs for example.

The present inventor has realized, among other things, that thetransformed hash calculator may be used to verify that a given instanceof a cryptographic ASIC is still valid, and can process input messagesproperly. That is, the transform integrity of the ASIC may be verifiedusing a few simple calculations and comparisons. This disclosure thusprovides a cryptographic ASIC and method for autonomously storing aunique internal identifier into a one-time programmable memory in theASIC in isolation, by a foundry or a user, for this purpose. The uniqueinternal identifier may comprise the CpuID previously described, or auser passphrase, transform key, or configuration key, or variouscombinations of these values that are necessary to correctly processinput messages.

FIG. 13 shows a flowchart of a methodology 1300 for verifying thetransform integrity of a cryptographic integrated circuit, according toan embodiment. When powered on, at 1302, the ASIC calculates the valueof the unique internal identifier from a predetermined input andcompares, at 1304, the calculated identifier value to the storedinternal identifier value. A match between the calculated internalidentifier value and the stored internal identifier value indicates thestored internal identifier value is valid, as calculating a correctvalue by chance is cryptographically infeasible. In this case, at 1306,the ASIC transform integrity is verified and normal operation mayproceed.

A mismatch however indicates the stored internal identifier value isinvalid or has not yet been stored because the ASIC has not beenprogrammed. In the latter case, at 1308, the ASIC may issue an errormessage indicating that it needs to be programmed, and normal operationsare halted to allow for such programming. However, a mismatch may alsooccur, at 1310, because one-time programmable memory components undergonatural aging, or because the stored internal identifier value has beenaltered, perhaps by damage from static electricity discharge or byunauthorized access attempts by hackers. In either case, a mismatchindicates the ASIC will not process input messages properly, andavailable corrective steps are required.

Normally, a programmed ASIC that is proven incapable of properlycalculating a given transform value should be disabled so it cannotinitialize, nor process messages erroneously, and an error messageshould be provided. However, the present inventor has recognized thatthe failure of a single copy of a stored internal identifier value tomatch a calculated internal identifier value need not doom the ASIC tothis fate. In one embodiment, at 1312, the ASIC may instead compare thecalculated internal identifier value to another copy or copies of thestored internal identifier value, and disregard unreliable copies of thestored internal identifier.

The ASIC, at 1314, may also compare multiple copies of the storedidentifier in a voting scheme to determine their validity. For example,if two out of three stored identifier values match each other and acalculated identifier value, that is a reasonable indication that thethird stored identifier value that does not match the calculatedidentifier value is invalid and should be disregarded. This feature mayhelp assure a purchaser that the ASIC will be useful as along as aconfirmed good copy of the stored internal identifier value is availablein its one-time programmable storage. The confirmed valid lifetime ofthe ASIC thus may be extended far beyond the useful lifetime of a singlecopy of the stored internal identifier. When the last confirmed goodcopy of the stored internal identifier is gone, the ASIC may return anerror value at bootup, indicating the ASIC is hopelessly damaged,stopping the bootup process.

As used herein, the term set may refer to any collection of elements,whether finite or infinite. The term subset may refer to any collectionof elements, wherein the elements are taken from a parent set; a subsetmay be the entire parent set. The term proper subset refers to a subsetcontaining fewer elements than the parent set. The term sequence mayrefer to an ordered set or subset. The terms less than, less than orequal to, greater than, and greater than or equal to, may be used hereinto describe the relations between various objects or members of orderedsets or sequences; these terms will be understood to refer to anyappropriate ordering relation applicable to the objects being ordered.

The term tool can be used to refer to any apparatus configured toperform a recited function. For example, tools can include a collectionof one or more components and can also be comprised of hardware,software or a combination thereof. Thus, for example, a tool can be acollection of one or more software components, hardware components,software/hardware components or any combination or permutation thereof.As another example, a tool can be a computing device or other applianceon which software runs or in which hardware is implemented.

As used herein, the term component might describe a given unit offunctionality that can be performed in accordance with one or moreembodiments of the technology disclosed herein. As used herein, acomponent might be implemented utilizing any form of hardware, software,or a combination thereof. For example, one or more processors,controllers, ASICs, programmable logic arrays (PLAs), programmable arraylogics (PALs), complex programmable logic devices (CPLDs), FPGAs,logical components, software routines or other mechanisms might beimplemented to make up a component. Hardware logic, includingprogrammable logic for use with a programmable logic device (PLD)implementing all or part of the functionality previously describedherein, may be designed using traditional manual methods or may bedesigned, captured, simulated, or documented electronically usingvarious tools, such as Computer Aided Design (CAD) programs, a hardwaredescription language (e.g., VHDL or AHDL), or a PLD programminglanguage. Hardware logic may also be generated by a non-transitorycomputer readable medium storing instructions that, when executed by aprocessor, manage parameters of a semiconductor component, a cell, alibrary of components, or a library of cells in electronic designautomation (EDA) software to generate a manufacturable design for anintegrated circuit. In implementation, the various components describedherein might be implemented as discrete components or the functions andfeatures described can be shared in part or in total among one or morecomponents. In other words, as would be apparent to one of ordinaryskill in the art after reading this description, the various featuresand functionality described herein may be implemented in any givenapplication and can be implemented in one or more separate or sharedcomponents in various combinations and permutations. Even though variousfeatures or elements of functionality may be individually described orclaimed as separate components, one of ordinary skill in the art willunderstand that these features and functionality can be shared among oneor more common software and hardware elements, and such descriptionshall not require or imply that separate hardware or software componentsare used to implement such features or functionality.

Where components or components of the technology are implemented inwhole or in part using software, in one embodiment, these softwareelements can be implemented to operate with a computing or processingcomponent capable of carrying out the functionality described withrespect thereto. One such example computing component is shown in FIG.14. Various embodiments are described in terms of this example-computingcomponent 1400. After reading this description, it will become apparentto a person skilled in the relevant art how to implement the technologyusing other computing components or architectures.

FIG. 14 shows a computing component that may carry out the functionalitydescribed herein, according to an embodiment. Computing component 1400may represent, for example, computing or processing capabilities foundwithin desktop, laptop and notebook computers, hand-held computingdevices (personal digital assistants (PDAs), smart phones, cell phones,palmtops, etc.), mainframes, supercomputers, workstations or servers, orany other type of special-purpose computing devices as may be desirableor appropriate for a given application or environment. Computingcomponent 1400 might also represent computing capabilities embeddedwithin or otherwise available to a given device. For example, acomputing component might be found in other electronic devices such as,for example, digital cameras, navigation systems, cellular telephones,portable computing devices, modems, routers, wireless applicationprotocols (WAPs), terminals and other electronic devices that mightinclude some form of processing capability.

Computing component 1400 might include, for example, one or moreprocessors, controllers, control components, or other processingdevices, such as a processor 1404. Processor 1404 might be implementedusing a special-purpose processing engine such as, for example, amicroprocessor, controller, or other control logic. In the illustratedexample, processor 1404 is connected to a bus 1402, although anycommunication medium can be used to facilitate interaction with othercomponents of computing component 1400 or to communicate externally.

Computing component 1400 might also include one or more memorycomponents, simply referred to herein as main memory 1408. For example,random access memory (RAM) or other dynamic memory, might be used forstoring information and instructions to be executed by processor 1404.Main memory 1408 might also be used for storing temporary variables orother intermediate information during execution of instructions to beexecuted by processor 1404. Computing component 1400 might likewiseinclude a read only memory (ROM) or other static storage device coupledto bus 1402 for storing static information and instructions forprocessor 1404.

The computing component 1400 might also include one or more variousforms of information storage mechanism 1410, which might include, forexample, a media drive 1412 and a storage unit interface 1420. The mediadrive 1412 might include a drive or other mechanism to support fixed orremovable storage media 1414. For example, a hard disk drive, a floppydisk drive, a magnetic tape drive, an optical disk drive, a compact disc(CD) or digital versatile disc (DVD) drive (read-only or read/write), orother removable or fixed media drive might be provided. Accordingly,storage media 1414 might include, for example, a hard disk, a floppydisk, magnetic tape, cartridge, optical disk, a CD or DVD, or otherfixed or removable medium that is read by, written to or accessed bymedia drive 1412. As these examples illustrate, the storage media 1414can include a computer usable storage medium having stored thereincomputer software or data.

In alternative embodiments, information storage mechanism 1410 mightinclude other similar instrumentalities for allowing computer programsor other instructions or data to be loaded into computing component1400. Such instrumentalities might include, for example, a fixed orremovable storage unit 1422 and an interface 1420. Examples of suchstorage units 1422 and interfaces 1420 can include a program cartridgeand cartridge interface, a removable memory (for example, a flash memoryor other removable memory component) and memory slot, a personalcomputer memory card international association (PCMCIA) slot and card,and other fixed or removable storage units 1422 and interfaces 1420 thatallow software and data to be transferred from the storage unit 1422 tocomputing component 1400.

Computing component 1400 might also include a communications interface1424. Communications interface 1424 might be used to allow software anddata to be transferred between computing component 1400 and externaldevices. Examples of communications interface 1424 might include a modemor softmodem, a network interface (such as an Ethernet, networkinterface card, WiMedia, IEEE 802.XX or other interface), acommunications port (such as for example, a USB port, IR port, RS232port Bluetooth® interface, or other port), or other communicationsinterface. Software and data transferred via communications interface1424 might typically be carried on signals, which can be electronic,electromagnetic (which includes optical) or other signals capable ofbeing exchanged by a given communications interface 1424. These signalsmight be provided to communications interface 1424 via a channel 1428.This channel 1428 might carry signals and might be implemented using awired or wireless communication medium. Some examples of a channel mightinclude a phone line, a cellular link, an RF link, an optical link, anetwork interface, a local or wide area network, and other wired orwireless communications channels.

In this document, the terms “computer program medium” and “computerusable medium” are used to generally refer to media such as, forexample, memory 1408, storage unit 1420, media 1414, and channel 1428.These and other various forms of computer program media or computerusable media may be involved in carrying one or more sequences of one ormore instructions to a processing device for execution. Suchinstructions embodied on the medium, are generally referred to as“computer program code” or a “computer program product” (which may begrouped in the form of computer programs or other groupings). Whenexecuted, such instructions might enable the computing component 1400 toperform features or functions of the disclosed technology as discussedherein.

While various embodiments of the disclosed technology have beendescribed above, it should be understood that they have been presentedby way of example only, and not of limitation. Likewise, the variousdiagrams may depict an example architectural or other configuration forthe disclosed technology, which is done to aid in understanding thefeatures and functionality that can be included in the disclosedtechnology. The disclosed technology is not restricted to theillustrated example architectures or configurations, but the desiredfeatures can be implemented using a variety of alternative architecturesand configurations. Indeed, it will be apparent to one of skill in theart how alternative functional, logical or physical partitioning andconfigurations can be implemented to implement the desired features ofthe technology disclosed herein. Also, a multitude of differentconstituent component names other than those depicted herein can beapplied to the various partitions. Additionally, with regard to flowdiagrams, operational descriptions and method claims, the order in whichthe steps are presented herein shall not mandate that variousembodiments be implemented to perform the recited functionality in thesame order unless the context dictates otherwise.

Although the disclosed technology is described above in terms of variousexemplary embodiments and implementations, it should be understood thatthe various features, aspects and functionality described in one or moreof the individual embodiments are not limited in their applicability tothe particular embodiment with which they are described, but instead canbe applied, alone or in various combinations, to one or more of theother embodiments of the disclosed technology, whether or not suchembodiments are described and whether or not such features are presentedas being a part of a described embodiment. Thus, the breadth and scopeof the technology disclosed herein should not be limited by any of theabove-described exemplary embodiments.

Terms and phrases used in this document, and variations thereof, unlessotherwise expressly stated, should be construed as open ended as opposedto limiting. As examples of the foregoing: the term “including” shouldbe read as meaning “including, without limitation” or the like; the term“example” is used to provide exemplary instances of the item indiscussion, not an exhaustive or limiting list thereof; the terms “a” or“an” should be read as meaning “at least one,” “one or more” or thelike; and adjectives such as “conventional,” “traditional,” “normal,”“standard,” “known” and terms of similar meaning should not be construedas limiting the item described to a given time period or to an itemavailable as of a given time, but instead should be read to encompassconventional, traditional, normal, or standard technologies that may beavailable or known now or at any time in the future. Likewise, wherethis document refers to technologies that would be apparent or known toone of ordinary skill in the art, such technologies encompass thoseapparent or known to the skilled artisan now or at any time in thefuture.

The presence of broadening words and phrases such as “one or more,” “atleast,” “but not limited to,” or other like phrases in some instancesshall not be read to mean that the narrower case is intended or requiredin instances where such broadening phrases may be absent. The use of theterm “component” does not imply that the components or functionalitydescribed or claimed as part of the component are all configured in acommon package. Indeed, any or all of the various components of acomponent, whether control logic or other components, can be combined ina single package or separately maintained and can further be distributedin multiple groupings or packages or across multiple locations.

Additionally, the various embodiments set forth herein are described interms of exemplary block diagrams, flow charts and other illustrations.As will become apparent to one of ordinary skill in the art afterreading this document, the illustrated embodiments and their variousalternatives can be implemented without confinement to the illustratedexamples. For example, block diagrams and their accompanying descriptionshould not be construed as mandating a particular architecture orconfiguration.

The Abstract of the Disclosure is provided to comply with 37 C.F.R. §1.72(b), requiring an abstract that will allow the reader to quicklyascertain the nature of the technical disclosure. It is submitted withthe understanding that it will not be used to interpret or limit thescope or meaning of the claims. In addition, in the foregoing DetailedDescription, it can be seen that various features are grouped togetherin a single embodiment for the purpose of streamlining the disclosure.This method of disclosure is not to be interpreted as reflecting anintention that the claimed embodiments require more features than areexpressly recited in each claim. Rather, as the following claimsreflect, inventive subject matter lies in less than all features of asingle disclosed embodiment. Thus the following claims are herebyincorporated into the Detailed Description, with each claim standing onits own as a separate embodiment.

What is claimed is:
 1. A cryptographic integrated circuit for managingoperations on an information stream, comprising: a transform keygenerator configured to derive a transform key from a temporary copy ofa user passphrase; a one-time programmable memory configured to storethe transform key in isolation using programming pulses from internalcircuitry; a first one-way function (OWF) circuit block configured togenerate a hash of an input message; a programmable transformationfunction circuit block configured to be customized by the transform keyand transform the hash into a transformed hash; and a second OWF circuitblock configured to generate a second hash of the transformed hash as anoutput result.
 2. The circuit of claim 1, wherein the information streamis a blockchain.
 3. The circuit of claim 1, wherein the programmabletransformation function circuit block performs a customizedtransformation function comprising at least one of bit inversion and bittransposition.
 4. The circuit of claim 1, wherein the transform keyenables at least one of identifying the information stream andprocessing an input message from the information stream into the outputresult.
 5. The circuit of claim 1, wherein the transform key is derivedby processing the user passphrase through at least one OWF circuitblock.
 6. The circuit of claim 4, wherein the identifying comprisesgenerating an identifier by processing a predetermined input message. 7.The circuit of claim 1, wherein knowledge of the transform key enablesreplication of the circuit.
 8. The circuit of claim 1, wherein the userpassphrase enables creation of the information stream.
 9. The circuit ofclaim 1, wherein the transform key is derived and stored duringmanufacture of the circuit.
 10. The circuit of claim 1, wherein thetransform key is derived and stored after manufacture of the circuit.11. A cryptographic method for managing operations on an informationstream, the method comprising: deriving a transform key from a temporarycopy of a user passphrase; storing the transform key in a one-timeprogrammable memory in isolation using programming pulses from internalcircuitry; processing an input message from the information stream by:hashing the input message to obtain an input message hash; performing acustomized transforming of the input message hash using the transformkey, to obtain a transformed hash; and hashing the transformed hash intoan output result; and creating the information stream with the outputresult, based on the user passphrase.
 12. The method of claim 11,wherein the information stream is a blockchain.
 13. The method of claim11, wherein the transforming comprises at least one of bit inversion andbit transposition.
 14. The method of claim 11, wherein the transform keyis derived by processing the user passphrase through at least oneone-way function (OWF).
 15. The method of claim 14, wherein thetransform key is derived from the user passphrase by a sequentialapplication of at least two OWFs to the user passphrase.
 16. The methodof claim 11, further comprising identifying the information stream usingan identifier generated by processing a predetermined input message. 17.The method of claim 11, wherein knowledge of the transform key enablesreplication of the method.
 18. The method of claim 11, wherein thetransform key is derived and stored during manufacture of a circuit thatexecutes the method.
 19. The method of claim 11, wherein the transformkey is derived and stored after manufacture of a circuit that executesthe method.
 20. A system for managing operations on an informationstream, the system comprising: means for deriving a transform key from atemporary copy of a user passphrase; means for storing the transform keyin a one-time programmable memory in isolation using programming pulsesfrom internal circuitry; means for processing an input message from theinformation stream by: hashing the input message to obtain an inputmessage hash; performing a customized transforming of the input messagehash using the transform key, to obtain a transformed hash; and hashingthe transformed hash into an output result; and means for creating theinformation stream with the output result based on the user passphrase.